Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-11-11 | CVE-2022-38387 | OS Command Injection vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
2022-11-03 | CVE-2022-35717 | OS Command Injection vulnerability in IBM Infosphere Information Server 11.7 | IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.8 |
2022-11-02 | CVE-2022-33870 | OS Command Injection vulnerability in Fortinet Fortitester | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 7.8 |
2022-10-30 | CVE-2022-44019 | OS Command Injection vulnerability in Totaljs Total.Js | In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. | 8.8 |
2022-10-27 | CVE-2022-31898 | OS Command Injection vulnerability in Gl-Inet Gl-Ax1800 Firmware and Gl-Mt300N-V2 Firmware | gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | 6.8 |
2022-10-27 | CVE-2022-42055 | OS Command Injection vulnerability in Gl-Inet Goodcloud 1.00.220412.00 | Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | 6.5 |
2022-10-26 | CVE-2022-42999 | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05 | D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. | 7.5 |
2022-10-25 | CVE-2022-29520 | OS Command Injection vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9Z | An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. | 9.8 |
2022-10-25 | CVE-2022-29851 | OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 | documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | 9.8 |
2022-10-25 | CVE-2022-30541 | OS Command Injection vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z | An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. | 9.8 |